lib-ssl-iostream, global: Convert ssl_[alt_]key setting to ssl_[alt_]key_file
authorTimo Sirainen <timo.sirainen@open-xchange.com>
Thu, 1 Feb 2024 13:17:45 +0000 (15:17 +0200)
committerAki Tuomi <aki.tuomi@open-xchange.com>
Fri, 17 Jan 2025 08:39:58 +0000 (10:39 +0200)
12 files changed:
src/config/config-parser.h
src/config/old-set-parser.c
src/lib-ldap/ldap-connection.c
src/lib-smtp/test-smtp-payload.c
src/lib-ssl-iostream/iostream-openssl-common.c
src/lib-ssl-iostream/iostream-openssl-context.c
src/lib-ssl-iostream/iostream-ssl-test.c
src/lib-ssl-iostream/iostream-ssl.c
src/lib-ssl-iostream/iostream-ssl.h
src/lib-ssl-iostream/ssl-settings.c
src/lib-ssl-iostream/ssl-settings.h
src/lib-ssl-iostream/test-iostream-ssl.c

index 3e954b8f9804cdcaa9a0efb1a009ce51c93cedf9..6f56acc424cbaf4b56267365ce6ff8c9254ab302 100644 (file)
@@ -52,7 +52,7 @@ struct config_module_parser {
           is forwarded to the config client process, which errors out only if
           the settings struct is attempted to be used. This allows for example
           doveadm to be called non-root and not fail even if it can't access
-          ssl_key file. */
+          ssl_key_file. */
        const char *delayed_error;
 };
 ARRAY_DEFINE_TYPE(config_module_parsers, struct config_module_parser *);
index 45c856f0c392217967b1aace4635eccea1481d3c..e814b5dd86507919b20f6e0efa694b13142f8e43 100644 (file)
@@ -211,8 +211,7 @@ old_settings_handle_root(struct config_parser_context *ctx,
                old_set_parser_apply(ctx, CONFIG_LINE_TYPE_KEYVALUE, key, value);
                return TRUE;
        }
-       if (strcmp(key, "ssl_key_file") == 0 ||
-           strcmp(key, "ssl_ca_file") == 0) {
+       if (strcmp(key, "ssl_ca_file") == 0) {
                if (*value == '\0')
                        return TRUE;
                p = t_strdup_until(key, strrchr(key, '_'));
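Review bot: With `ssl_key_file` dropped from the condition, the only key left in this branch is `ssl_ca_file`, so the generic suffix stripping `p = t_strdup_until(key, strrchr(key, '_'));` now always yields `"ssl_ca"` and could be the literal instead, which makes the remaining conversion easier to read. I also do not see, within this hunk, a mapping from the legacy `ssl_key` / `ssl_alt_key` names to the new `ssl_key_file` / `ssl_alt_key_file` settings; if old_settings_handle_root (which starts and ends outside the hunk) does not handle them elsewhere, existing configurations using the old names would stop being converted rather than being migrated. A one-line comment such as `/* ssl_key_file is now the canonical setting name; only ssl_ca_file still needs the contents-to-setting conversion */` would record why only one name remains here.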
index a4b81b3ca15e0f02baee406a7822358c7e95c796..e8af0d51448168394110db1a80a78e5100349e15 100644 (file)
@@ -78,8 +78,8 @@ int ldap_connection_setup(struct ldap_connection *conn, const char **error_r)
 #ifdef LDAP_OPT_X_TLS_CERT
        if (conn->ssl_set.cert.cert.content != NULL)
                ldap_set_option(conn->conn, LDAP_OPT_X_TLS_CERT, conn->ssl_set.cert.cert.content);
-       if (conn->ssl_set.cert.key != NULL)
-               ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.cert.key);
+       if (conn->ssl_set.cert.key.content != NULL)
+               ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.cert.key.content);
 #endif
        if (conn->ssl_set.cipher_list != NULL) {
                /* NOTE: OpenLDAP's CIPHER_SUITE is actually using OpenSSL's
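Review bot: The value handed to `LDAP_OPT_X_TLS_KEYFILE` on the new line is `conn->ssl_set.cert.key.content`, i.e. the PEM text of the private key, while that OpenLDAP option takes a file path; the commit keeps this mismatch even though the key now carries a `.path` member that this file copies in the later hunk (`conn->ssl_set.cert.key.path`). I would pass the path when it is set, `if (conn->ssl_set.cert.key.path != NULL && *conn->ssl_set.cert.key.path != '\0') ldap_set_option(conn->conn, LDAP_OPT_X_TLS_KEYFILE, conn->ssl_set.cert.key.path);`, and when only inline content is available (as the client-side settings still produce, since `ssl_client_key` remains a plain string) report that the key cannot be applied rather than passing key material where a file name is expected. The preceding `LDAP_OPT_X_TLS_CERT` line appears to have the same shape, but it is context here and predates the commit. ldap_connection_setup continues outside the hunk.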
@@ -140,7 +140,8 @@ bool ldap_connection_have_settings(struct ldap_connection *conn,
        if (null_strcmp(conn->ssl_set.cert.cert.content,
                        set->ssl_set->cert.cert.content) != 0)
                return FALSE;
-       if (null_strcmp(conn->ssl_set.cert.key, set->ssl_set->cert.key) != 0)
+       if (null_strcmp(conn->ssl_set.cert.key.content,
+                       set->ssl_set->cert.key.content) != 0)
                return FALSE;
        return TRUE;
 }
@@ -189,7 +190,10 @@ int ldap_connection_init(struct ldap_client *client,
                        p_strdup(pool, set->ssl_set->cert.cert.path);
                conn->ssl_set.cert.cert.content =
                        p_strdup(pool, set->ssl_set->cert.cert.content);
-               conn->ssl_set.cert.key = p_strdup(pool, set->ssl_set->cert.key);
+               conn->ssl_set.cert.key.path =
+                       p_strdup(pool, set->ssl_set->cert.key.path);
+               conn->ssl_set.cert.key.content =
+                       p_strdup(pool, set->ssl_set->cert.key.content);
        }
        i_assert(ldap_connection_have_settings(conn, set));
 
index 3a1d489f9ec0cb361ba3acd6d4ba3cb4cd45f804..5be78567a012779fe5202ab27a4a4c4ec815bc43 100644 (file)
@@ -938,7 +938,8 @@ test_run_client_server(
                "ssl_ca", server_set->ssl->ca,
                "ssl_cert_file", settings_file_get_value(unsafe_data_stack_pool,
                                                         &server_set->ssl->cert.cert),
-               "ssl_key", server_set->ssl->cert.key,
+               "ssl_key_file", settings_file_get_value(unsafe_data_stack_pool,
+                                                       &server_set->ssl->cert.key),
                NULL,
        };
        struct settings_simple test_set;
index 98474af8c3ebf129d2be57285541acaa15bbcb69..59cc10ba46e438cbeb2b34c4208ada3d912242bc 100644 (file)
@@ -184,7 +184,7 @@ const char *openssl_iostream_use_certificate_error(const char *cert)
                return openssl_iostream_error();
        else if (is_pem_key(cert)) {
                return "The file contains a private key "
-                       "(you've mixed ssl_cert_file and ssl_key settings)";
+                       "(you've mixed ssl_cert_file and ssl_key_file settings)";
        } else {
                return "There is no valid PEM certificate.";
        }
index 4ffac088f57790009f2727dc799a1b112a86b373..d9ddbf8b45aad75bc0531bad119555cafa180fe6 100644 (file)
@@ -66,7 +66,7 @@ int openssl_iostream_load_key(const struct ssl_iostream_cert *set,
        EVP_PKEY *pkey;
        BIO *bio;
 
-       bio = BIO_new_mem_buf(set->key, strlen(set->key));
+       bio = BIO_new_mem_buf(set->key.content, strlen(set->key.content));
        if (bio == NULL) {
                *error_r = t_strdup_printf("BIO_new_mem_buf() failed: %s",
                                           openssl_iostream_error());
@@ -603,8 +603,9 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
                        openssl_iostream_use_certificate_error(set->cert.cert.content));
                return -1;
        }
-       if (set->cert.key != NULL && set->cert.key[0] != '\0') {
-               if (ssl_iostream_ctx_use_key(ctx, "ssl_key", &set->cert, error_r) < 0)
+       if (set->cert.key.content != NULL && set->cert.key.content[0] != '\0') {
+               if (ssl_iostream_ctx_use_key(ctx, "ssl_key_file",
+                                            &set->cert, error_r) < 0)
                        return -1;
        }
        if (set->alt_cert.cert.content != NULL &&
@@ -616,8 +617,10 @@ ssl_iostream_context_set(struct ssl_iostream_context *ctx,
                        openssl_iostream_use_certificate_error(set->alt_cert.cert.content));
                return -1;
        }
-       if (set->alt_cert.key != NULL && set->alt_cert.key[0] != '\0') {
-               if (ssl_iostream_ctx_use_key(ctx, "ssl_alt_key", &set->alt_cert, error_r) < 0)
+       if (set->alt_cert.key.content != NULL &&
+           set->alt_cert.key.content[0] != '\0') {
+               if (ssl_iostream_ctx_use_key(ctx, "ssl_alt_key_file",
+                                            &set->alt_cert, error_r) < 0)
                        return -1;
        }
 
index 2e697be1949b490300be3f39125499b639fb23c1..8da10c75bcdb99a698d67f3de9258841c5eb8c3f 100644 (file)
@@ -157,7 +157,7 @@ void ssl_iostream_test_settings_server(struct ssl_iostream_settings *test_set)
        test_set->pool = null_pool;
        test_set->ca = test_ca_cert;
        test_set->cert.cert.content = test_server_cert;
-       test_set->cert.key = test_server_key;
+       test_set->cert.key.content = test_server_key;
        test_set->dh = test_server_dh;
        test_set->skip_crl_check = TRUE;
 }
index 0ad9facf59317688625c2af8a457cef7154888bc..3a6de2d7fb10183ab3d1d9bbcf1595219e0d3947 100644 (file)
@@ -348,13 +348,14 @@ bool ssl_iostream_settings_equals(const struct ssl_iostream_settings *set1,
                return TRUE;
 
        if (!quick_strcmp(set1->cert.cert.content, set2->cert.cert.content) ||
-           !quick_strcmp(set1->cert.key, set2->cert.key) ||
+           !quick_strcmp(set1->cert.key.content, set2->cert.key.content) ||
            !quick_strcmp(set1->cert.key_password, set2->cert.key_password))
                return FALSE;
 
        if (!quick_strcmp(set1->alt_cert.cert.content,
                          set2->alt_cert.cert.content) ||
-           !quick_strcmp(set1->alt_cert.key, set2->alt_cert.key) ||
+           !quick_strcmp(set1->alt_cert.key.content,
+                         set2->alt_cert.key.content) ||
            !quick_strcmp(set1->alt_cert.key_password,
                          set2->alt_cert.key_password))
                return FALSE;
index 1e7115e13f7ed3fab6c3f858ec1bf045c0f1b997..1413f54f38937a11e2209b128338c09ed16b8825 100644 (file)
@@ -20,7 +20,7 @@ enum ssl_iostream_flags {
 
 struct ssl_iostream_cert {
        struct settings_file cert;
-       const char *key;
+       struct settings_file key;
        const char *key_password;
 };
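Review bot: `key` changes type from `const char *` to `struct settings_file` without a comment saying which member consumers are expected to read; every reader in this commit uses `.content` (the OpenSSL loader, the context setup and the settings comparison), only the LDAP code copies `.path`, and the tests set `.content` alone. A short comment on the field would fix that, e.g. `/* Private key PEM in .content; .path is the source file when filled by settings_file_get() and may be unset when the content is assigned directly */`. The same note applies to the neighbouring `cert` member, which already had this shape before the commit.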
 
index 9405804f8aadf872ca08193a2e5b1b1a88d9d33f..fddb2506542321957866949c77d1d0848854928b 100644 (file)
@@ -67,9 +67,9 @@ static const struct setting_define ssl_server_setting_defines[] = {
        DEF(ENUM, ssl),
        DEF(STR, ssl_ca),
        DEF(FILE, ssl_cert_file),
-       DEF(STR, ssl_key),
+       DEF(FILE, ssl_key_file),
        DEF(FILE, ssl_alt_cert_file),
-       DEF(STR, ssl_alt_key),
+       DEF(FILE, ssl_alt_key_file),
        DEF(STR, ssl_key_password),
        DEF(STR, ssl_dh),
        DEF(STR, ssl_cert_username_field),
@@ -85,9 +85,9 @@ static const struct ssl_server_settings ssl_server_default_settings = {
        .ssl = "yes:no:required",
        .ssl_ca = "",
        .ssl_cert_file = "",
-       .ssl_key = "",
+       .ssl_key_file = "",
        .ssl_alt_cert_file = "",
-       .ssl_alt_key = "",
+       .ssl_alt_key_file = "",
        .ssl_key_password = "",
        .ssl_dh = "",
        .ssl_cert_username_field = "commonName",
@@ -194,7 +194,7 @@ void ssl_client_settings_to_iostream_set(
        set->ca_file = ssl_set->ssl_client_ca_file;
        set->ca_dir = ssl_set->ssl_client_ca_dir;
        set->cert.cert.content = ssl_set->ssl_client_cert;
-       set->cert.key = ssl_set->ssl_client_key;
+       set->cert.key.content = ssl_set->ssl_client_key;
        set->verify_remote_cert = ssl_set->ssl_client_require_valid_cert;
        set->allow_invalid_cert = !set->verify_remote_cert;
        /* client-side CRL checking not supported currently */
@@ -214,13 +214,15 @@ void ssl_server_settings_to_iostream_set(
        set->ca = ssl_server_set->ssl_ca;
        settings_file_get(ssl_server_set->ssl_cert_file,
                          set->pool, &set->cert.cert);
-       set->cert.key = ssl_server_set->ssl_key;
+       settings_file_get(ssl_server_set->ssl_key_file,
+                         set->pool, &set->cert.key);
        set->cert.key_password = ssl_server_set->ssl_key_password;
        if (ssl_server_set->ssl_alt_cert_file != NULL &&
            *ssl_server_set->ssl_alt_cert_file != '\0') {
                settings_file_get(ssl_server_set->ssl_alt_cert_file,
                                  set->pool, &set->alt_cert.cert);
-               set->alt_cert.key = ssl_server_set->ssl_alt_key;
+               settings_file_get(ssl_server_set->ssl_alt_key_file,
+                                 set->pool, &set->alt_cert.key);
                set->alt_cert.key_password = ssl_server_set->ssl_key_password;
        }
        set->dh = ssl_server_set->ssl_dh;
index ba08db79ed9b53416c68eaccf1363331a5221130..072ce9c4186064facbee726cd0640171d24f020b 100644 (file)
@@ -35,8 +35,8 @@ struct ssl_server_settings {
        const char *ssl_ca;
        const char *ssl_cert_file;
        const char *ssl_alt_cert_file;
-       const char *ssl_key;
-       const char *ssl_alt_key;
+       const char *ssl_key_file;
+       const char *ssl_alt_key_file;
        const char *ssl_key_password;
        const char *ssl_dh;
        const char *ssl_cert_username_field;
index 6265698d20386f1f463b1daa35f6c8bfde37527e..9ab6088f5c95129773b7513bba70548589ff570d 100644 (file)
@@ -336,7 +336,7 @@ static void test_iostream_ssl_handshake(void)
 
        /* missing server credentials */
        ssl_iostream_test_settings_server(&server_set);
-       server_set.cert.key = NULL;
+       i_zero(&server_set.cert.key);
        ssl_iostream_test_settings_client(&client_set);
        client_set.verify_remote_cert = TRUE;
        test_expect_error_string("client(failhost): SSL certificate not received");